Keeping data secure

We have a number of measures to ensure that we keep customer data secure, available and that customers retain control over it to the fullest extent possible. Culture Amp assumes responsibility for security, availability and performance of the products that we provide.

Data centers

At Culture Amp, we leverage the robust infrastructure of AWS, complemented by key services on Google Cloud Platform (GCP). This multi-cloud strategy enables us to deliver high availability, scalability, and resilience for our applications and services, while also allowing us to select from a range of specialized services from each provider.

In both AWS and GCP environments, we prioritize the security of our data through comprehensive encryption practices. Data is encrypted both at rest and in transit using industry-standard encryption algorithms. This ensures that our sensitive information remains protected from unauthorized access at all times.

Our key management practices are designed to maintain stringent control over encryption keys. We use AWS Key Management Service (KMS) and Google Cloud Key Management to generate, store, and manage encryption keys securely. These services provide automated key rotation, detailed auditing, and granular access controls, ensuring that only authorized personnel can manage and use these keys.

Sharing the responsibility for managing customer data

The Culture Amp platform is designed to empower administrators to self-manage access to data and features through the delegation of roles to users in their tenancy. Customer administrators have the ability to assign common roles which control access to view or export specific data sets directly through the Culture Amp administration interface.

In most instances, customers are able to control the data ingested into the Culture Amp platform via the integration with their HRIS provider. Customers are responsible for only sending the data needed for the integration and to drive the functionality and insights they require.

Our platform seamlessly integrates with a wide variety of customer identity providers, enabling Single Sign-On (SSO) for enhanced security, and user convenience. This integration ensures a streamlined authentication process, reduces the need for multiple logins, allows customer identity and access management teams to centrally control authentication, and enhances the overall user experience.

Controlling access to customer data

Safeguarding customer data is a critical part of our commitment. We utilise a multi-faceted approach, including privacy enhancing techniques like tokenisation, masking and encryption, as well as the principle of “least privilege” to ensure users and services can only access the data necessary to perform their functions.

Our platform enforces fine grained permissions that restrict access to data based on the authenticated user’s context. This is further enhanced by auditing and logging, recording what data was accessed by whom and when.

All data is encrypted by default with robust key life cycle management in place. Data sharing is facilitated via secure interfaces.

Retention and deletion of data

Our privacy policy provides information on retention and deletion of data. If you want to review, correct (if necessary) or delete the information that we have collected and hold about you, please contact our Privacy Officer at privacy@cultureamp.com.

Culture Amp prioritises the protection of customer data by implementing a robust backup strategy. We ensure that all critical data is regularly backed up to secure locations. These backups are designed to safeguard against data loss, providing a reliable means of data recovery in the event of an incident. Customer data is retained in our backups for 90 days, offering an appropriate window for restoration if needed. After this period, data automatically rolls-over, ensuring that our backup storage remains efficient and up-to-date and removing the need for manual data deletion from our backup sets.